One of the key processes required for effective security is that of risk management, which, in brief, requires at least the ability to analyze and model risk. Threat analysis and modeling can be seen as a precursor to risk analysis and modeling. This process tries to address some rather primitive problems, such as:

How do you approach solving these large problems? What processes should you follow, and what tools should you use along the way?

Microsoft’s Threat Analysis & Modeling (TAM) tool, developed by its Application Consulting & Engineering (ACE) team, helps teams build a picture of threats their systems may face and assists those teams in defining strategies for dealing with security issues. The tool and its associated processes are built around the roles and responsibilities of various groups involved in the development of software applications. TAM also aids in collectively increasing the security awareness of your team and customers.

Microsoft’s ACE team is chartered with empowering various application development teams around Microsoft to develop and maintain more secure software, and it is responsible for developing, deploying, and refining security training, tools, and processes.